The invention relates to a method and a system for providing an access-specific key for securing a data transfer between a mobile terminal and a node of an access network.
With the TCP/IP protocol, the Internet offers a platform for the development of higher-level protocols for the mobile sector. Since the Internet protocols are widely used, a large group of users can be tapped into by upgrading the protocols appropriately for mobile environments. The known Internet protocols were not, however, originally designed for mobile use. In known Internet packet switching, the packets are exchanged between stationary computers which neither change their network address nor roam between various subnetworks. In radio networks connecting mobile terminals and computers, mobile computers MS (mobile stations) are frequently integrated into various networks. With the aid of an appropriate server, DHCP (Dynamic Host Configuration Protocol) makes it possible for an IP address and further configuration parameters to be assigned dynamically to a computer in a network. A computer which is integrated into a network is automatically assigned a free IP address by the DHCP protocol. If a mobile computer has DHCP installed, it has only to come within range of a local network which supports the configuration via the DHCP protocol. With the DHCP protocol, dynamic address allocation is possible, i.e. a free IP address is automatically allocated for a defined period. After this period has expired, either the request has to be resubmitted by the mobile computer MS or the IP address can be allocated elsewhere.
With DHCP, a mobile computer MS can be integrated into a network without being configured manually. The only requirement is that a DHCP server be available. In this way, a mobile computer MS can use services of the local network and, for example, use files stored centrally. However, if a mobile computer MS offers services itself, a potential service user is unable to locate the mobile computer MS since its IP address changes in each network into which the mobile computer is integrated. The same happens if an IP address changes during an existing TCP connection. This leads to the connection being interrupted. With Mobile IP, a mobile computer MS is therefore assigned an IP address which it also retains in a different network. When switching IP network conventionally, it is necessary to adapt the IP address settings appropriately. Constant adaptation of the IP and known automatic configuration mechanisms interrupts the existing connection when the IP address is switched. The MIP protocol (RFC2002, RFC2977, RFC3344, RFC3846, RFC3957, RFC3775, RFC3776, RFC4285) supports the mobility of mobile terminals MS. With the known IP protocols, the mobile terminal MS has to adapt its IP address each time it switches IP subnetwork in order for the data packets addressed to the mobile terminal MS to be routed correctly. In order to maintain an existing TCP connection, the mobile terminal MS has to retain its IP address, as a switch of address will lead to an interruption of the connection. The MIP protocol enables a transparent connection between the two addresses, namely a permanent home address and a second temporary care/of address. The care/of address is the particular IP address at which the mobile terminal MS can currently be reached.
A home agent HA is a proxy of the mobile terminal MS, for as long as the mobile terminal MS is not located in the original home network. The home agent is continuously informed about the current whereabouts of the mobile computer MS. The home agent HA is normally a component of a router in the mobile terminal's home network. When the mobile terminal MS is located outside the home network, the home agent HA provides a function in order that the mobile terminal MS can log on. The home agent HA then forwards the data packets addressed to the mobile terminal MS to the current subnetwork of the mobile terminal MS.
A foreign agent FA is located in the subnetwork in which the mobile terminal MS is moving. The foreign agent FA forwards incoming data packets to the mobile terminal MS or to the mobile computer MS. The foreign agent FA is located in a so-called visited network. The foreign agent FA is also normally a component of a router. The foreign agent FA routes all administrative mobile data packets between the mobile terminal MS and its home agent HA. The foreign agent FA unpacks the tunneled IP data packets sent by the home agent HA and forwards the data therein to the mobile terminal MS.
The home address of the mobile terminal MS is an address at which the mobile terminal MS can be reached permanently. The home address has the same address prefix as the home agent HA. The care/of address is the particular IP address which the mobile terminal MS uses in the visited network.
The home agent HA maintains a so-called mobility binding table (MBT). The entries in this table serve in assigning the two addresses, i.e. the home address and the care/of address, of a mobile terminal MS to one another and in rerouting the data packets correspondingly.
The MBT table contains entries concerning the home address, the care/of address and a specification of the time span during which this assignment is valid (lifetime). FIG. 1 shows an example of a mobility binding table MBT according to the related art.
The foreign agent FA contains a visitor list (VL) which contains information about the mobile terminals NS which are currently located in the IP network of the foreign agent FA. FIG. 2 shows an example of this type of visitor list according to the related art.
In order for a mobile computer NS to be integrated into a network, it must firstly ascertain whether it is located in its home network or a visited network. In addition, the mobile terminal MS has to ascertain which computer in the subnetwork is the home agent and the foreign agent. This information is determined through so-called agent discovery.
The subsequent registration enables the mobile terminal MS to communicate its current location to its home agent HA. To do this, the mobile computer or the mobile terminal MS sends the current care/of address to the home agent. To register, the mobile computer MS sends a registration request to the home agent. The home agent HA enters the care/of address into its list and responds with a registration reply. There is, however, a security problem here. Since in principle any computer can send a registration request to a home agent HA, it could easily be simulated to a home agent HA that a computer had moved into a different network. In this way, a foreign computer could acquire all the data packets of a mobile computer or mobile terminal MS without a sender finding out. In order to prevent this, the mobile computer MS and the home agent HA have shared secret keys. If a mobile computer MS returns to its home network, it deregisters with the home agent HA as the mobile computer MS can now receive all data packets itself. A mobile radio network must have the following security characteristics inter alia. Information must be made accessible only to desired communication partners, i.e. undesired eavesdroppers must not be given access to transferred data. The mobile radio network must therefore have the characteristic of confidentiality. Besides this, authenticity must be a given. Authenticity allows a communication partner to establish beyond doubt whether a communication has actually been set up to a desired communication partner or whether a foreign party is posing as the communication partner. Authentications can be carried out for each message or for each connection. Where authentication is carried out on a connection basis, the communication partner is identified once only at the start of a session. It is then assumed for the remaining course of the session that the messages which follow continue to originate from the corresponding sender. Even where the identity of a communication partner is established, i.e. the communication partner is authenticated, the case can arise where this communication partner may not access all resources or may not use all services via the network. In this case, a corresponding authorization requires prior authentication of the communication partner.
In mobile data networks, messages have to cover longer pathways via air interfaces and are consequently more easily accessible to potential hackers. In mobile and wireless data networks, security aspects therefore play a special role. Encryption techniques represent-a key way for increasing security in data networks. Through encryption, it is possible to transfer data over insecure communication pathways, for example over air interfaces, without unauthorized third parties gaining access to the data. For encryption, the data, i.e. the so-called plaintext, has to be transformed with the aid of an encryption algorithm into ciphertext. The encrypted text can be transported over the insecure data transmission channel and then decrypted or deciphered.
WiMax (Worldwide Interoperability for Microwave Access), a highly promising wireless access technology, is being proposed as a new standard which uses IEEE 802.16 for radio transmission. Using WiMax, transmitting stations are intended to supply a range of up to 50 km at data rates of over 100 Mbit per second.
FIG. 3 shows a reference model for a WiMax radio network. A mobile terminal MS is located within the range of an access network (ASN: access serving network). The access network ASN is connected via at least one visited network (visited connectivity service network VCSN) or intermediate network to a home network HCSN (home connectivity service network). The various networks are connected to one another via interfaces or reference points R. The home agent HA of the mobile station MS is located in the home network (HCSN) or in one of the visited networks (VCSN).
WiMax supports two implementation variants of Mobile Internet Protocol (MIP), namely a so-called client MIP (CMIP), in which the mobile station MS itself implements the MIP client function, and proxy MIP (PMIP), in which the MIP client function is implemented by the WiMax access network ASN. The functionality provided for this purpose in the ASN is called a proxy mobile node (PMN) or PMIP client. Therefore, MIP can also be used with mobile stations MS which do not themselves support MIP.
FIG. 4 shows the setting up of a connection by proxy MIP (PMIP), when the home agent HA is located in the visited network VCSN, according to the related art.
After a radio connection has been set up between the mobile terminal MS and a base station BS, an access authentication is carried out firstly. The function of authentication, authorization and accounting is carried out by so-called AAA servers (AAA: authentication, authorization and accounting). Authentication messages are exchanged between the mobile terminal MS and the AAA server of the home network (HAAA), by which messages the address of the home agent HA and an authentication key are obtained. The authentication server in the home network contains the profile data of the subscriber. The AAA server receives an authentication request message which contains a subscriber identity of the mobile terminal. Following successful access authentication, the AAA server generates an MSK key (MSK: master session key) to protect the data transfer pathway between the mobile terminal MS and the base station BS of the access network ASN. This MSK key is transmitted from the AAA server of the home network via the intermediate network CSN to the access network ASN.
After access authentication, the DHCP proxy server in the access network ASN is configured, as can be seen from FIG. 4. If the IP address and host configuration is already contained in the AAA reply message, all the information is downloaded into the DHCP proxy server.
After successful authentication and authorization, the mobile station or the mobile terminal MS sends a DHCP discovery message and assignment of an IP address takes place.
If a mobile terminal MS is integrated into a network, the mobile terminal MS will possibly have to ascertain whether it is located in a home network or a visited network. Furthermore, the mobile terminal MS must ascertain which computer is in the respective network of the home agent or the foreign agent. This information is determined through so-called agent discovery. There are two types of agent discovery, namely agent advertisement and agent solicitation.
In agent advertisement, the agents, i.e. the home or foreign agents, periodically send broadcast messages to all the computers and mobile terminals of the subnetwork. Any computer which eavesdrops on the broadcast messages within a defined period can thus identify the agents in the respective subnetwork.
When a mobile terminal MS is reactivated, it is not generally practical to wait for the next agent advertisement. The mobile terminal MS has to know immediately in what subnetwork it is currently located. Using so-called agent solicitation, the mobile terminal MS therefore sends a request to all the computers of the respective subnetwork to carry out an agent advertisement. By agent solicitation, the mobile terminal MS can force the agents to reveal themselves immediately, so the waiting time is reduced considerably. Agent solicitation is also carried out where an agent advertisement fails, for example in the event of packet loss or switching network. With the aid of agent discovery, a mobile terminal MS can also establish whether it is located in its home network or in a visited network. Based on the packet information within an agent advertisement message, the mobile terminal MS identifies its home agent HA. If the mobile terminal MS receives message packets from a visited network, then it can additionally establish whether its position has changed since the last advertisement. If the mobile terminal MS does not receive an advertisement message, the mobile terminal MS initially assumes that it is located in the home network and the home agent HA is faulty. The mobile terminal MS then tries to establish contact with the router of the network in order to confirm this assumption. If the mobile terminal MS is not located in its home network, it subsequently tries to access a DHCP server and to obtain an address of the subnetwork. If this is successful, the mobile terminal MS uses this address as a so-called colocated care/of address and establishes contact with the home agent HA. The colocated care/of address is an address which is assigned to the mobile terminal MS in the visited network and is also communicated to the home agent HA.
A distinction is made between network-based mobility management (PMIP) and terminal-based mobility management (CMIP). In terminal-based mobility management (CMIP), the terminal supports Mobile IP (MIP). FIG. 4 shows the setting up of a connection using known network-based mobility management (PMIP), while FIG. 5 represents the setting up of a connection using known terminal-based mobility management (CMIP).
When a connection is set up between the mobile terminal MS and the network, the authentication server of the home network (H-AAA), after successfully authenticating the subscriber, sends an authentication confirmation message (SUCCESS). The authentication confirmation message notifies the authentication client that authentication of the subscriber has been completed successfully.
In the case of proxy MIP or network-based mobility management (PMIP), the mobile terminal does not support Mobile IP or the corresponding MIP software is not activated in the mobile terminal MS.
In the case of client MIP (CMIP) or terminal-based mobility management on the other hand, Mobile IP is supported by the respective terminal or mobile station MS.
In proxy MIP, the mobile terminal MS recognizes only an IP address assigned by the DHCP server. The care/of address of the mobile terminal MS is known not to the mobile terminal but to the PMP client, the foreign agent FA and the home agent HA. In client MIP, on the other hand, the mobile terminal MS recognizes both its IP addresses, i.e. both the home address and the care/of address.
As can be seen from FIGS. 4 and 5, MIP registration takes place after IP address assignment. In MIP registration, the home agent HA is informed about the current location of the mobile terminal MS. To register, the mobile terminal MS or the corresponding PMIP client sends a registration request containing the current care/of address to a home agent HA. The home agent HA enters the care/of address in a list administered by it and responds with a registration reply. Since in principle any computer can send a registration request to a home agent HA, it could easily be simulated to a home agent HA that a computer or mobile terminal MS had moved into a different network. In order to prevent this, both the mobile terminal MS and the home agent HA have a shared secret key, namely a Mobile IP key (MIP-KEY).
In proxy MIP, the registration request (MIPRRQ) is transferred from a PMIP client within the access network ASN via a foreign agent FA to the home agent HA. The home agent HA has a key for the subscriber assigned to it by the relevant authentication server H-AAA and transfers this key with the MIP registration reply, as shown in FIG. 4.
In terminal-based mobility management (CMIP), the registration request message (MIPRRQ) is routed directly from the mobile terminal MS via the foreign agent FA to the home agent HA, as shown in FIG. 5.
In WiMax access networks, Proxy Mobile IP (PMIP) is used besides Mobile IP (CMIP), in order to make mobility management possible for clients which do not themselves have any Mobile IP client functionality. In PMIP, a Proxy Mobile IP client, which carries out the MIP signaling on behalf of the client, is provided in the access network. These mobility protocols are used in WiMax for a handover between two access networks ASN or between two network access providers NAP. Here, the relevant WiMax home agent may be located optionally in a WiMax home network HCSN or in a visited WiMax network (VCSN). It is assumed in WiMax that a home AAA server is located in the home network HCSN, which knows the long-term cryptographic keys shared with the user as well as further usage parameters.
During registration, the WiMax home agent requests security parameters, for example temporary cryptographic keys, from the WiMax home AAA server. These are needed so that only one authorized client can register with the home agent and in order to protect the MIP signaling. As part of the authentication and key agreement protocol which the mobile terminal executes with the authentication server, the mobile terminal can also derive these security parameters itself. In a WiMax access network, an AMSK or Mobile IP root key (MIP-RK) is derived from the EMSK key (extended master session key) and provided. From this Mobile IP root key further keys are then derived for protecting the different communication pathways between the mobile node or the foreign agent FA and the home agent HA. Here, the different mobile IP variants such as mobile IP V6 and mobile IP V4 are derived through separate keys respectively for Client Mobile IP and Proxy Mobile IP.
In known WiMax access networks, interworking or collaboration with networks of different types is not supported.
FIG. 6 shows the interworking between a WiMax access network and a 3rd Generation Partnership Project (3GPP) home network according to the related art. As can be seen from FIG. 6, in the WiMax access network an authentication proxy server (AAA-Relay) is provided which has an interworking unit (IWU) as an interface to the 3GPP home network. When interworking with the 3GPP network, the authentication proxy server takes over the key generation and key derivation which are necessary as part of the logging on of the subscriber onto the network, in order to activate Proxy Mobile IP for the subscriber or the mobile terminal. In the case of Proxy Mobile IP, a Proxy Mobile IP client is located in the ASN gateway or authentication proxy server of the WiMax home network WiMax-CSN. This WiMax home network WiMax-CSN is connected to the 3GPP network, as can be seen in FIG. 6. With Proxy Mobile IP, it is therefore possible for the interworking unit IWU to generate a mobile IP key (MIP-Key) when logging on to a network in order to safeguard the pathway between the Proxy Mobile IP client and the home agent. Here, the Proxy Mobile IP client may be located in the ASN gateway and consequently forms part of the access network infrastructure. It is not therefore necessary in the case of Proxy Mobile IP to modify the 3GPP authentication server, and the 3GPP authentication server does not have to comply with the specifications of the WiMax access network.
In Client Proxy Mobile IP, however, interworking between the WiMax access network and the 3GPP home network is not supported. No suitable protocols currently exist for forwarding security parameters to the client or the mobile terminal. The reason for this is that, in the known procedure, the mobile terminal derives these security parameters from the authentication and key agreement protocol.